<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第178期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第178期）</strong></h5>
<blockquote> 2017/07/24-2017/07/30</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>新三板网络安全公司完全名单2017Q2 <br><a target="_blank" href="https://www.sec-un.org/%e6%96%b0%e4%b8%89%e6%9d%bf%e7%bd%91%e7%bb%9c%e5%ae%89%e5%85%a8%e5%85%ac%e5%8f%b8%e5%ae%8c%e5%85%a8%e5%90%8d%e5%8d%952017q2/">https://www.sec-un.org/%e6%96%b0%e4%b8%89%e6%9d%bf%e7%bd%91%e7%bb%9c%e5%ae%89%e5%85%a8%e5%85%ac%e5%8f%b8%e5%ae%8c%e5%85%a8%e5%90%8d%e5%8d%952017q2/</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>​Black Hat 2017：不容错过的七大主题演讲<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655295536&amp;idx=1&amp;sn=3c4a3a70208b60ea81b1283585d542ba&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655295536&amp;idx=1&amp;sn=3c4a3a70208b60ea81b1283585d542ba&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>Tor也加入了漏洞奖励计划，悬赏4000美元挖漏洞<br><a target="_blank" href="http://www.4hou.com/info/news/6771.html">http://www.4hou.com/info/news/6771.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>[译]攻击者如何利用机器学习预测BEC成功<br><a target="_blank" href="https://www.520waf.com/2017/07/business-email-compromise/">https://www.520waf.com/2017/07/business-email-compromise/</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>维基解密曝第18批Vault7文件：CIA“帝国”项目 <br><a target="_blank" href="https://www.easyaq.com/news/1721672781.shtml">https://www.easyaq.com/news/1721672781.shtml</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Black Hat USA 2017 议题 PPT 下载(部分)<br><a target="_blank" href="https://www.blackhat.com/us-17/briefings.html">https://www.blackhat.com/us-17/briefings.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>defcon 2017 PPT 下载<br><a target="_blank" href="https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/?C=S&amp;O=D">https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/?C=S&amp;O=D</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>2017网络安全生态峰会议题PPT 密码#ece1<br><a target="_blank" href="https://2e31da.link.eyun.360.cn/lk/surl_yVrRVCtVS89">https://2e31da.link.eyun.360.cn/lk/surl_yVrRVCtVS89</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>sql注入常规思路及奇葩技巧<br><a target="_blank" href="http://mp.weixin.qq.com/s/hBkJ1M6LRgssNyQyati1ng">http://mp.weixin.qq.com/s/hBkJ1M6LRgssNyQyati1ng</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>四大顶会之USENIX Security &#039;17 录用论文及议题列表<br><a target="_blank" href="https://www.usenix.org/conference/usenixsecurity17/technical-sessions">https://www.usenix.org/conference/usenixsecurity17/technical-sessions</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透测试学习平台Web For Pentester<br><a target="_blank" href="http://uknowsec.cn/posts/notes/Web-For-Pentester-I-%E7%BB%83%E4%B9%A0%E7%AC%94%E8%AE%B0.html">http://uknowsec.cn/posts/notes/Web-For-Pentester-I-%E7%BB%83%E4%B9%A0%E7%AC%94%E8%AE%B0.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>基于威胁情报的攻击组织画像与溯源<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&amp;mid=2650171036&amp;idx=1&amp;sn=9de1c828c46d989fc9e4cf72a8653401&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&amp;mid=2650171036&amp;idx=1&amp;sn=9de1c828c46d989fc9e4cf72a8653401&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>FudanDNN-NLP：基于深度学习的中文自然语言处理工具<br><a target="_blank" href="http://openkg.cn/tool/fudandnn-nlp">http://openkg.cn/tool/fudandnn-nlp</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>[Bypass WAF] Php webshell without numbers and letters<br><a target="_blank" href="https://securityonline.info/bypass-waf-php-webshell-without-numbers-letters">https://securityonline.info/bypass-waf-php-webshell-without-numbers-letters</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>态势感知的支撑和价值落地<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&amp;mid=2650171021&amp;idx=1&amp;sn=5a07b4792cbb0bb0edbd52b2d2a6c5fb&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&amp;mid=2650171021&amp;idx=1&amp;sn=5a07b4792cbb0bb0edbd52b2d2a6c5fb&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>xssfork-一款xss探测工具<br><a target="_blank" href="http://www.codersec.net/2017/07/xssfork%E4%B8%80%E6%AC%BExss%E6%8E%A2%E6%B5%8B%E5%B7%A5%E5%85%B7/">http://www.codersec.net/2017/07/xssfork%E4%B8%80%E6%AC%BExss%E6%8E%A2%E6%B5%8B%E5%B7%A5%E5%85%B7/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Redemption: Real-time Protection Against Ransomware at End-Hosts 勒索软件检测<br><a target="_blank" href="http://www.ccs.neu.edu/home/mkharraz/publications/raid2017redemption.pdf">http://www.ccs.neu.edu/home/mkharraz/publications/raid2017redemption.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>UPX源码分析——加壳篇<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-19345-1-1.html?from=sec">http://bbs.ichunqiu.com/thread-19345-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>机器学习识别XSS实践<br><a target="_blank" href="https://www.cdxy.me/?p=773">https://www.cdxy.me/?p=773</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>如何使用Fuzzing挖掘ImageMagick的漏洞<br><a target="_blank" href="https://github.com/lcatro/Fuzzing-ImageMagick/blob/master/%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8Fuzzing%E6%8C%96%E6%8E%98ImageMagick">https://github.com/lcatro/Fuzzing-ImageMagick/blob/master/%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8Fuzzing%E6%8C%96%E6%8E%98ImageMagick</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>网络威胁情报标准：STIX标准<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247485182&amp;idx=1&amp;sn=c8a245647d1a96e9f542a191d88cfbc1&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247485182&amp;idx=1&amp;sn=c8a245647d1a96e9f542a191d88cfbc1&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>报告一 阿里云安骑士 Webshell规则逆向<br><a target="_blank" href="https://mp.weixin.qq.com/s/oZ7Jmo_rIblGYArHecn7lQ">https://mp.weixin.qq.com/s/oZ7Jmo_rIblGYArHecn7lQ</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>exploit module for CVE-2017-8464 LNK Code Execution Vulnerability<br><a target="_blank" href="https://github.com/rapid7/metasploit-framework/pull/8767">https://github.com/rapid7/metasploit-framework/pull/8767</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>Wi-Fi定位劫持<br><a target="_blank" href="http://www.toutiao.com/i6441022034590827010/">http://www.toutiao.com/i6441022034590827010/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>简易BadUSB，攻击效果不简单<br><a target="_blank" href="http://www.toutiao.com/i6446159632455959053/">http://www.toutiao.com/i6446159632455959053/</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>CSA云计算关键领域安全指南4.0 （中文版）剖析<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4MTIyNjkxOQ==&amp;mid=2247484179&amp;idx=1&amp;sn=afbd75c6631b6f12f1657d6f04a9f6de&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4MTIyNjkxOQ==&amp;mid=2247484179&amp;idx=1&amp;sn=afbd75c6631b6f12f1657d6f04a9f6de&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Burpsuite常用模块详解以及渗透测试上的运用<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25058-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25058-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WordPress插件WP Statistics SQL注入漏洞分析<br><a target="_blank" href="https://www.bksec.net/Web/WordPress-WP-Statistics-SQLinjection.html">https://www.bksec.net/Web/WordPress-WP-Statistics-SQLinjection.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>基于Falcon的滴滴内部监控系统<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzAwMDU1MTE1OQ==&amp;mid=2653548916&amp;idx=1&amp;sn=ed50fae989b08eed3b9a5c754fa70b23&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzAwMDU1MTE1OQ==&amp;mid=2653548916&amp;idx=1&amp;sn=ed50fae989b08eed3b9a5c754fa70b23&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>基于docker的蜜罐学习<br><a target="_blank" href="http://mp.weixin.qq.com/s/C7RqU6NfOKgYyN_HsFxXNw">http://mp.weixin.qq.com/s/C7RqU6NfOKgYyN_HsFxXNw</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>2017-NSCTF-PWN<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484473&amp;idx=1&amp;sn=92ebb380124fa3451777b17d62660631&amp;chksm=ec1e3411db69bd0729228043f3caf38089392455edfb0b858074161bc48e1934edc418448f84#rd">https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484473&amp;idx=1&amp;sn=92ebb380124fa3451777b17d62660631&amp;chksm=ec1e3411db69bd0729228043f3caf38089392455edfb0b858074161bc48e1934edc418448f84#rd</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Use Office to maintain persistence 利用Office软件实现长久控制<br><a target="_blank" href="https://3gstudent.github.io/3gstudent.github.io/Use-Office-to-maintain-persistence/">https://3gstudent.github.io/3gstudent.github.io/Use-Office-to-maintain-persistence/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MicroScan 基于B/S架构微扫描器<br><a target="_blank" href="https://github.com/MiniSafe/microscan">https://github.com/MiniSafe/microscan</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>ctf初识与深入<br><a target="_blank" href="http://mp.weixin.qq.com/s/1PrWW6mrRSCFOwl2xqDhmQ">http://mp.weixin.qq.com/s/1PrWW6mrRSCFOwl2xqDhmQ</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>linux渗透测试<br><a target="_blank" href="http://mp.weixin.qq.com/s/CIbk_Dcqk1Z2IL24czEuBg">http://mp.weixin.qq.com/s/CIbk_Dcqk1Z2IL24czEuBg</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>WiFi定位劫持·续篇——GPS劫持<br><a target="_blank" href="http://www.toutiao.com/i6441333182192157186/">http://www.toutiao.com/i6441333182192157186/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>web端权限维持<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-19144-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-19144-1-1.html?from=sec</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android版本的&quot;Wannacry&quot;文件加密病毒样本分析(附带锁机)<br><a target="_blank" href="http://www.52pojie.cn/thread-627399-1-1.html">http://www.52pojie.cn/thread-627399-1-1.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>通过 WebView 攻击 Android 应用<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/28107901">https://zhuanlan.zhihu.com/p/28107901</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>报告二 腾讯云 Webshell检测规则逆向<br><a target="_blank" href="https://mp.weixin.qq.com/s/3Zx2FTXXxpTiqe56b8hJQg">https://mp.weixin.qq.com/s/3Zx2FTXXxpTiqe56b8hJQg</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>恶意充电宝的克星——USB安全接口<br><a target="_blank" href="http://www.toutiao.com/i6446917020100329997/">http://www.toutiao.com/i6446917020100329997/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>数据中心机房标准及规范汇总 密码# gzek<br><a target="_blank" href="https://pan.baidu.com/s/1eSOnL7c">https://pan.baidu.com/s/1eSOnL7c</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>SecWiki周刊（第177期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/177">https://www.sec-wiki.com/weekly/177</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>SLocker: Android ransomware<br><a target="_blank" href="https://github.com/fs0c1ety/SLocker">https://github.com/fs0c1ety/SLocker</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>红日安全16期<br><a target="_blank" href="http://mp.weixin.qq.com/s/EjtNGFTQ0AtCW5KpVYCm6A">http://mp.weixin.qq.com/s/EjtNGFTQ0AtCW5KpVYCm6A</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>国内外敏感信息泄露案例汇总分析<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651072625&amp;idx=1&amp;sn=0f286b169f1bfe74b5b3707f7e0f6224&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651072625&amp;idx=1&amp;sn=0f286b169f1bfe74b5b3707f7e0f6224&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>渗透测试教程：如何侦查目标以及收集信息？<br><a target="_blank" href="http://www.4hou.com/penetration/6850.html">http://www.4hou.com/penetration/6850.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>网络安全线上资源大全<br><a target="_blank" href="http://www.aqniu.com/learn/27008.html">http://www.aqniu.com/learn/27008.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>bypassGET和POST的注入防御思路分享<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-16134-1-1.html?from=sec">http://bbs.ichunqiu.com/thread-16134-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>如何运用kali-xplico网络取证分析？<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-24825-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-24825-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>定位攻略和方法总结<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25000-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25000-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Orange: From SSRF Execution Chain to RCE!<br><a target="_blank" href="http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html">http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>一个故事讲完https<br><a target="_blank" href="https://mp.weixin.qq.com/s/StqqafHePlBkWAPQZg3NrA">https://mp.weixin.qq.com/s/StqqafHePlBkWAPQZg3NrA</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>从企业现场看工控安全现状<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&amp;mid=2651061690&amp;idx=1&amp;sn=e91c8b062fb3e997d18950e55bc5af49&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&amp;mid=2651061690&amp;idx=1&amp;sn=e91c8b062fb3e997d18950e55bc5af49&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>反击“猫眼电影”网站的反爬虫策略<br><a target="_blank" href="http://www.freebuf.com/news/140965.html">http://www.freebuf.com/news/140965.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Deep Learning for detection with XSS<br><a target="_blank" href="https://github.com/SparkSharly/DL_for_xss">https://github.com/SparkSharly/DL_for_xss</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>BurpSuite插件：利用BurpSuite Spider收集子域名和相似域名<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/349/">http://www.polaris-lab.com/index.php/archives/349/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>浅谈macRansom<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458284204&amp;idx=1&amp;sn=1f45d8c97686ee0f2403163959a80ff6&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458284204&amp;idx=1&amp;sn=1f45d8c97686ee0f2403163959a80ff6&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>威胁情报：随笔<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA3MTEwNDE1NA==&amp;mid=2649431959&amp;idx=1&amp;sn=258e65aada6ab546b28043359fca2cb4&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzA3MTEwNDE1NA==&amp;mid=2649431959&amp;idx=1&amp;sn=258e65aada6ab546b28043359fca2cb4&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span> XSS易容术---bypass之编码混淆篇+辅助脚本编写<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-17500-1-1.html?from=sec">http://bbs.ichunqiu.com/thread-17500-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>宽字节注入深入研究 <br><a target="_blank" href="http://www.evilclay.com/2017/07/20/%E5%AE%BD%E5%AD%97%E8%8A%82%E6%B3%A8%E5%85%A5%E6%B7%B1%E5%85%A5%E7%A0%94%E7%A9%B6/">http://www.evilclay.com/2017/07/20/%E5%AE%BD%E5%AD%97%E8%8A%82%E6%B3%A8%E5%85%A5%E6%B7%B1%E5%85%A5%E7%A0%94%E7%A9%B6/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>IP地址相关技术总结<br><a target="_blank" href="https://mp.weixin.qq.com/mp/homepage?__biz=MzA4MjI2MTcwMw==&amp;hid=6&amp;sn=4fd0bd18bc4c7e8d30821257f7bea667&amp;devicetype=iOS10.3.2&amp;version=12020810&amp;lang=zh_CN&amp;nettype=WIFI&amp;fontScale=100&amp;pass_ticket=PJ6q4QUF4f5bYBGsYqsvKcwE4XNT3%2FXae8vuEEH8A2d%2FHQj9OMeaEvdb2yME0nXo&amp;wx_header=1&amp;scene=1">https://mp.weixin.qq.com/mp/homepage?__biz=MzA4MjI2MTcwMw==&amp;hid=6&amp;sn=4fd0bd18bc4c7e8d30821257f7bea667&amp;devicetype=iOS10.3.2&amp;version=12020810&amp;lang=zh_CN&amp;nettype=WIFI&amp;fontScale=100&amp;pass_ticket=PJ6q4QUF4f5bYBGsYqsvKcwE4XNT3%2FXae8vuEEH8A2d%2FHQj9OMeaEvdb2yME0nXo&amp;wx_header=1&amp;scene=1</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>详述MSSQL服务在渗透测试中的利用<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-17737-1-1.html?from=sec">http://bbs.ichunqiu.com/thread-17737-1-1.html?from=sec</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>获取来源IP地址的正确姿势<br><a target="_blank" href="http://www.freebuf.com/articles/web/140669.html">http://www.freebuf.com/articles/web/140669.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>报告三 Webshell检测模块与模块测试(上篇）<br><a target="_blank" href="https://mp.weixin.qq.com/s/8PauKA6KU3TXp2FEmcoqeQ">https://mp.weixin.qq.com/s/8PauKA6KU3TXp2FEmcoqeQ</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>如何用Python做舆情时间序列可视化？<br><a target="_blank" href="http://mp.weixin.qq.com/s/JGHSH_TH25GBwGJdLBgnmA">http://mp.weixin.qq.com/s/JGHSH_TH25GBwGJdLBgnmA</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>用代码来细说Csrf漏洞危害以及防御<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-24127-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-24127-1-1.html?from=sec</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>用于Windows 7+的Intel VT-X / EPT进程监控工具（如Process Monitor）<br><a target="_blank" href="https://github.com/hzqst/Syscall-Monitor">https://github.com/hzqst/Syscall-Monitor</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>CNNVD 关于Apache Tomcat安全绕过漏洞情况的通报<br><a target="_blank" href="http://mp.weixin.qq.com/s/fkBVw0BH5kcc0jdKC4c9ZA">http://mp.weixin.qq.com/s/fkBVw0BH5kcc0jdKC4c9ZA</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>htcap：一款递归型的Web应用扫描器<br><a target="_blank" href="http://www.4hou.com/tools/6811.html">http://www.4hou.com/tools/6811.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>安普诺CEO张涛先生之再谈WebShell检测<br><a target="_blank" href="http://www.freebuf.com/company-information/141538.html">http://www.freebuf.com/company-information/141538.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>利用彩虹表破解hash<br><a target="_blank" href="http://mp.weixin.qq.com/s/tox_-zapKStuAgkBbjp2kA">http://mp.weixin.qq.com/s/tox_-zapKStuAgkBbjp2kA</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>pyt: 针对 Python 应用程序的源码静态分析工具<br><a target="_blank" href="https://github.com/python-security/pyt">https://github.com/python-security/pyt</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>与http头安全相关的安全选项<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484432&amp;idx=1&amp;sn=d3d07846e893892ed6358859ea677c58&amp;chksm=ec1e3438db69bd2e4eab06c388003d8fbbcc3757bf3513ab6c31ff6f47b753984c69b7f30f43#rd">https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484432&amp;idx=1&amp;sn=d3d07846e893892ed6358859ea677c58&amp;chksm=ec1e3438db69bd2e4eab06c388003d8fbbcc3757bf3513ab6c31ff6f47b753984c69b7f30f43#rd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Dump LAPS passwords with ldapsearch<br><a target="_blank" href="https://room362.com/post/2017/dump-laps-passwords-with-ldapsearch/">https://room362.com/post/2017/dump-laps-passwords-with-ldapsearch/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>精选 Flexport 在 HackerOne 这一年 6 个有趣的安全漏洞<br><a target="_blank" href="http://paper.seebug.org/358/">http://paper.seebug.org/358/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>mjet: Mogwai Java Management Extensions (JMX) Exploitation Toolkit<br><a target="_blank" href="https://github.com/mogwaisec/mjet">https://github.com/mogwaisec/mjet</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>How i Hacked into a PayPal&#039;s Server<br><a target="_blank" href="http://blog.pentestbegins.com/2017/07/21/hacking-into-paypal-server-remote-code-execution-2017/">http://blog.pentestbegins.com/2017/07/21/hacking-into-paypal-server-remote-code-execution-2017/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>浅析OGNL表达式求值（S2003/005/009跟踪调试记录）<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1902.html">https://xianzhi.aliyun.com/forum/read/1902.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>从零开始学习渗透Node.js应用程序<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-21810-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-21810-1-1.html?from=sec</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>安全事件响应想要成功 需要具备5个条件囊括6类人 AT&amp;T团队分享他们的经验<br><a target="_blank" href="http://toutiao.secjia.com/incident-response-team-point">http://toutiao.secjia.com/incident-response-team-point</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Threat-Intelligence-Analyst: 威胁情报，恶意样本分析，开源Malware代码收集<br><a target="_blank" href="https://github.com/pandazheng/Threat-Intelligence-Analyst">https://github.com/pandazheng/Threat-Intelligence-Analyst</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>报告三 webshell检测模块与模块测试（下）<br><a target="_blank" href="https://mp.weixin.qq.com/s/yh_uX8jPfbn-_wzGOkugaA">https://mp.weixin.qq.com/s/yh_uX8jPfbn-_wzGOkugaA</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>保护内网域安全之扫描Active Directory特权和特权帐户（二）<br><a target="_blank" href="http://www.4hou.com/penetration/5529.html">http://www.4hou.com/penetration/5529.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>CDN校验漏洞催生海量网络投毒-正式报告<br><a target="_blank" href="https://www.sec-un.com/static/doc/CDN_Checksum_Vulnerability_Analysis.pdf">https://www.sec-un.com/static/doc/CDN_Checksum_Vulnerability_Analysis.pdf</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>反入侵之发现后门利用mount-bind将进程和端口信息隐匿<br><a target="_blank" href="http://www.freebuf.com/articles/network/140535.html">http://www.freebuf.com/articles/network/140535.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Friday the 13th: JSON Attacks<br><a target="_blank" href="https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf">https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>文档元数据——基础信息泄露的源头<br><a target="_blank" href="http://www.4hou.com/technology/6857.html">http://www.4hou.com/technology/6857.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>再谈同源策略<br><a target="_blank" href="https://lightless.me/archives/review-SOP.html">https://lightless.me/archives/review-SOP.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>GoAccess: open source real-time web log analyzer and  interactive viewer <br><a target="_blank" href="https://goaccess.io/">https://goaccess.io/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>使用python及工具包进行简单的验证码识别<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25093-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25093-1-1.html?from=sec</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>轻松劫持无人机，安全问题令人堪忧<br><a target="_blank" href="http://www.toutiao.com/i6442448924916580878/">http://www.toutiao.com/i6442448924916580878/</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>黑帽大会20年精选：亮点、争议与夭折<br><a target="_blank" href="http://mp.weixin.qq.com/s/haNPBtZgPppysdqfVRmpxQ">http://mp.weixin.qq.com/s/haNPBtZgPppysdqfVRmpxQ</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>cracking-lens-targeting-https-hidden<br><a target="_blank" href="http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html?m=1">http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html?m=1</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>FLARE VM: The Windows Malware Analysis Distribution<br><a target="_blank" href="https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html">https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>BinaryAlert: Serverless, Real-time &amp; Retroactive Malware Detection<br><a target="_blank" href="https://github.com/airbnb/binaryalert">https://github.com/airbnb/binaryalert</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>绿盟科技《2017上半年网络安全观察》<br><a target="_blank" href="http://www.yunzhan365.com/81050356.html">http://www.yunzhan365.com/81050356.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>如何检测用USB创建并进行类似Stuxnet传播的隐蔽网络<br><a target="_blank" href="http://www.freebuf.com/news/140930.html">http://www.freebuf.com/news/140930.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>WINDOWS平台下的栈溢出攻击从0到1<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-18052-1-1.html?from=sec">http://bbs.ichunqiu.com/thread-18052-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>对抗蠕虫 —— 如何让按钮不被 JS 自动点击<br><a target="_blank" href="https://www.cnblogs.com/index-html/p/anti_xss_worm.html">https://www.cnblogs.com/index-html/p/anti_xss_worm.html</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/178">SecWiki周刊(第178期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
